General
- Target: file
- Size: 323KB
- Sample: 240920-rfgpzszgma
- MD5: 72f7c1208efd829ad580e839494a681c
- SHA1: d636bbd7470cc3bfa5047d52ba78c48d5269f3f7
- SHA256: e63036cb18083af12146e4a679bb5ae0cefea310a083c6dc78a8c88365896fe5
- SHA512: 7fd40218ce72b1a9ff422f9d92dbccdda376eb4e519c90a61fdb48868b9effb8f13f37dc1e288c0fcf4717c946433252518fd16bc49480238d8a46c459310d06
- SSDEEP: 6144:JRJ+dXQfkINIrPVJQ1gjbNL1qa41Brn1ouauy+gPE06qlGkNh8EYs:IImrnvbNi/quy+cEY8QV
Static task
- static1

Behavioral task
- behavioral1
  - Sample: file.exe
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: file.exe
  - Resource: win10v2004-20240802-en
Malware Config
Extracted
- Family: redline
- Botnet: LogsDiller Cloud (TG: @logsdillabot)
- C2: 193.233.255.84:4284
Targets
- Target: file
- Size: 323KB
- MD5: 72f7c1208efd829ad580e839494a681c
- SHA1: d636bbd7470cc3bfa5047d52ba78c48d5269f3f7
- SHA256: e63036cb18083af12146e4a679bb5ae0cefea310a083c6dc78a8c88365896fe5
- SHA512: 7fd40218ce72b1a9ff422f9d92dbccdda376eb4e519c90a61fdb48868b9effb8f13f37dc1e288c0fcf4717c946433252518fd16bc49480238d8a46c459310d06
- SSDEEP: 6144:JRJ+dXQfkINIrPVJQ1gjbNL1qa41Brn1ouauy+gPE06qlGkNh8EYs:IImrnvbNi/quy+cEY8QV

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access or copy of the web browser credential store.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (2)
- Credentials In Files (2)